This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.

I start my cas server on a different tomcat(so I have two apache tomcats at the same time, ports are different, for example, on cas server they are 8080, 8443 and etc. and on myApp server they are 9080, 9443 and etc.), login there and when I go to login pageat my app, then: 1. then is no autologin 2. when i enter credentials, I see the stacktrace shown above I took an example from this site .
in web.xml, I've includede spring security context and set the appropriate listeners and etc. in pom(I use maven) I've added the required dependencies, described in the article. But the problem stays. I'd be glad any pieces of advice

I'm not sure of what you really want to do because I see a CAS configuration in your webapp but also a form configuration : you don't need both. The login page is hosted on CAS server and is reponsible for authenticating user, that's all : you don't need a local login page.
That's why you get the problem : you send username / password form your local login page to /j_spring_cas_security_check, which excepts a CAS service ticket from CAS server -> failed to provider a CAS service ticket !
Best regards,
Jérôme

Comment

I mean that the login page is hosted on the CAS server : you don't need to have one in applications. The authentication process is delegated to the CAS server.
You configuration looks good for CAS part, you should just remove what is linked to form authentication.
The reference documentation : http://static.springsource.org/sprin...rence/cas.html.
Best regards,
Jérôme

Comment

so, you mean I need to delete the login.jsp file and in my spring security context put url of CAS-server? I'm trying to understand the logic of the steps.

Right, remove the login.jsp and all the XML configuration added for the form authentication : remove <security:form-login, authenticationEntryPoint...
Once again, I recommend you follow the reference documentation for Spring Security & CAS (see the previous link I gave you).

The only challenge you will have is how to compute roles and define accesses on application side : generally, users are authenticated on CAS server side and their personal information (roles for example) are retrieved during authentication phase and pushed to CAS applications through custom CAS service ticket validation and it's the applications which decide what to do with these roles...

Comment

You have to change your way of thinking : you don't go to the login page by clicking on a link.

You try to access a protected url in your application, this url is protected by your Spring Security CAS client which stores this requested url and send you to the CAS server which checks if you are authenticated and (as you're not) display a login page for authentication. After successfull authentication, you are redirected back to the "CAS url" of your application (something ending with /j_spring_cas_security_check) with a service ticket granted by the CAS server. The CAS client validates the service ticket against the CAS sever and restores the originally requested url. You are now authenticated in your application.

Comment

The roles will be computed by your user details service which can grab information from a datasource in your application or use attributes pushed through CAS SAML validation (I recommend this option to centralize information retrieval on CAS server side).

Comment

It's logical : CAS security is based on the use of SSL. When you don't use SSL (for testing for example), you have a warning.
Nothing special here, nonetheless, if you want that SSO works on none SSL environment, you need to setup your CAS server to set its cookie on none-secure connection. You should set p:cookieSecure="false" in this case (cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml).
Best regards,
Jérôme

Comment

there was incorrect port in my config. when I entered the correct port, I finally obtained the needed CAS server login page via SSL.
BUT my happiness was not so long... when I entered credetials, I saw in my browser next message:
HTTP Status 404 - /spring-security-cas/j_spring_cas_security_check

type Status report

message /spring-security-cas/j_spring_cas_security_check

description The requested resource (/spring-security-cas/j_spring_cas_security_check) is not available.